Page 1 of 1
NtQueryInformationProcess hook
Posted: Thu Feb 20, 2014 5:35 pm
by Buster
Sandboxie hooks NtQueryObject in order to return a faked path instead the real one to sandboxed applications.
I would like to request you hook also NtQueryInformationProcess (ProcessImageFileName) in the same terms as NtQueryObject, so faked path is returned too for that function.
http://msdn.microsoft.com/en-us/library ... 85%29.aspx
ProcessImageFileName
27
Retrieves a UNICODE_STRING value containing the name of the image file for the process.
Re: NtQueryInformationProcess hook
Posted: Fri Feb 21, 2014 1:38 pm
by Curt@invincea
tzuk has some comments in the code that look like he started working on this. It sounds like a good idea, but there may be some issues that caused him to postpone it. Please give us some time to investigate.
Re: NtQueryInformationProcess hook
Posted: Fri Feb 21, 2014 1:52 pm
by Buster
Nice, thanks!
Re: NtQueryInformationProcess hook
Posted: Fri Apr 04, 2014 12:17 am
by Buster
Will be possible to introduce the requested hook?
Re: NtQueryInformationProcess hook
Posted: Wed Jun 18, 2014 3:47 pm
by Buster
Sandboxie 4.13.1 will include this feature?
Re: NtQueryInformationProcess hook
Posted: Wed Jun 18, 2014 6:16 pm
by Curt@invincea
Buster wrote:Sandboxie 4.13.1 will include this feature?
That will probably be in 4.13.2.
Re: NtQueryInformationProcess hook
Posted: Wed Aug 13, 2014 2:01 pm
by Buster
Curt@invincea wrote:Buster wrote:Sandboxie 4.13.1 will include this feature?
That will probably be in 4.13.2.
Has been included?
Re: NtQueryInformationProcess hook
Posted: Thu Aug 14, 2014 12:43 pm
by Curt@invincea
I am working on this right now. It will be in 4.13.3.
Re: NtQueryInformationProcess hook
Posted: Thu Aug 14, 2014 12:52 pm
by Buster
Nice, thanks!